feat: Add support for AES-GCM family

README.md

@@ -77,6 +77,8 @@ Currently the library supports:
 * EncryptedData using:
   * http://www.w3.org/2001/04/xmlenc#aes128-cbc
   * http://www.w3.org/2001/04/xmlenc#aes256-cbc
+  * http://www.w3.org/2009/xmlenc11#aes128-gcm
+  * http://www.w3.org/2009/xmlenc11#aes256-gcm
   * http://www.w3.org/2001/04/xmlenc#tripledes-cbc (Insecure Algorithm)
 
 Insecure Algorithms can be disabled via disallowEncryptionWithInsecureAlgorithm/disallowDecryptionWithInsecureAlgorithm flags when encrypting/decrypting. This flag is off by default in 0.x versions.

lib/xmlenc.js

@@ -78,6 +78,12 @@ function encrypt(content, options, callback) {
       case 'http://www.w3.org/2001/04/xmlenc#aes256-cbc':
         crypto.randomBytes(32, cb); // generate a symmetric random key 32 bytes length
         break;
+      case 'http://www.w3.org/2009/xmlenc11#aes128-gcm':
+        crypto.randomBytes(16, cb); // generate a symmetric random key 16 bytes length
+        break;
+      case 'http://www.w3.org/2009/xmlenc11#aes256-gcm':
+        crypto.randomBytes(32, cb); // generate a symmetric random key 32 bytes length
+        break;
       case 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc':
         crypto.randomBytes(24, cb); // generate a symmetric random key 24 bytes (192 bits) length
         break;
@@ -100,6 +106,18 @@ function encrypt(content, options, callback) {
           cb(null, encryptedContent);
         });
         break;
+      case 'http://www.w3.org/2009/xmlenc11#aes128-gcm':
+        encryptWithAlgorithm('aes-128-gcm', symmetricKey, 12, content, options.input_encoding, function (err, encryptedContent) {
+          if (err) return cb(err);
+          cb(null, encryptedContent);
+        });
+        break;
+      case 'http://www.w3.org/2009/xmlenc11#aes256-gcm':
+        encryptWithAlgorithm('aes-256-gcm', symmetricKey, 12, content, options.input_encoding, function (err, encryptedContent) {
+          if (err) return cb(err);
+          cb(null, encryptedContent);
+        });
+        break;
       case 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc':
         encryptWithAlgorithm('des-ede3-cbc', symmetricKey, 8, content, options.input_encoding, function (err, encryptedContent) {
           if (err) return cb(err);
@@ -114,7 +132,6 @@ function encrypt(content, options, callback) {
   function encrypt_key(symmetricKey, encryptedContent, cb) {
     encryptKeyInfo(symmetricKey, options, function(err, keyInfo) {
       if (err) return cb(err);
-
       var result = utils.renderTemplate('encrypted-key', {
         encryptedContent: encryptedContent.toString('base64'),
         keyInfo: keyInfo,
@@ -170,14 +187,17 @@ function decrypt(xml, options, callback) {
     var encryptedContent = xpath.select("//*[local-name(.)='EncryptedData']/*[local-name(.)='CipherData']/*[local-name(.)='CipherValue']", doc)[0];
 
     var encrypted = Buffer.from(encryptedContent.textContent, 'base64');
-
     switch (encryptionAlgorithm) {
       case 'http://www.w3.org/2001/04/xmlenc#aes128-cbc':
         return callback(null, decryptWithAlgorithm('aes-128-cbc', symmetricKey, 16, encrypted));
       case 'http://www.w3.org/2001/04/xmlenc#aes256-cbc':
         return callback(null, decryptWithAlgorithm('aes-256-cbc', symmetricKey, 16, encrypted));
       case 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc':
         return callback(null, decryptWithAlgorithm('des-ede3-cbc', symmetricKey, 8, encrypted));
+      case 'http://www.w3.org/2009/xmlenc11#aes128-gcm':
+        return callback(null, decryptWithAlgorithm('aes-128-gcm', symmetricKey, 12, encrypted));
+      case 'http://www.w3.org/2009/xmlenc11#aes256-gcm':
+        return callback(null, decryptWithAlgorithm('aes-256-gcm', symmetricKey, 12, encrypted));
       default:
         return callback(new Error('encryption algorithm ' + encryptionAlgorithm + ' not supported'));
     }
@@ -237,24 +257,34 @@ function encryptWithAlgorithm(algorithm, symmetricKey, ivLength, content, encodi
     var cipher = crypto.createCipheriv(algorithm, symmetricKey, iv);
     // encrypted content
     var encrypted = cipher.update(content, encoding, 'binary') + cipher.final('binary');
-    return callback(null, Buffer.concat([iv, Buffer.from(encrypted, 'binary')]));
+    var authTag = algorithm.slice(-3) === "gcm" ? cipher.getAuthTag() : Buffer.from("");
+    //Format mentioned: https://www.w3.org/TR/xmlenc-core1/#sec-AES-GCM
+    var r = Buffer.concat([iv, Buffer.from(encrypted, 'binary'), authTag]);
+    return callback(null, r);
   });
 }
 
 function decryptWithAlgorithm(algorithm, symmetricKey, ivLength, content) {
   var decipher = crypto.createDecipheriv(algorithm, symmetricKey, content.slice(0,ivLength));
   decipher.setAutoPadding(false);
 
+  if (algorithm.slice(-3) === "gcm") {
+    decipher.setAuthTag(content.slice(-16));
+    content = content.slice(0,-16);
+  }
   var decrypted = decipher.update(content.slice(ivLength), null, 'binary') + decipher.final('binary');
 
+if (algorithm.slice(-3) !== "gcm") {
   // Remove padding bytes equal to the value of the last byte of the returned data.
+  // Padding for GCM not required per: https://www.w3.org/TR/xmlenc-core1/#sec-AES-GCM
   var padding = decrypted.charCodeAt(decrypted.length - 1);
   if (1 <= padding && padding <= ivLength) {
     decrypted = decrypted.substr(0, decrypted.length - padding);
   } else {
     callback(new Error('padding length invalid'));
     return;
   }
+}
 
   return Buffer.from(decrypted, 'binary').toString('utf8');
 }